HOWTO use TOR to enhance your privacy

Here's the final installment in the amazing Instructables series of HOWTOs inspired by my young adult novel Little Brother. This week, it's a HOWTO on TOR, The Onion Router, a technology for increasing your privacy and anonymity when you look at the web, and for getting around censorwalls.

The Instructables folks did an amazing job with this -- and the response has been great!

When you go online, you leave tracks all over the place. You could be hanging out with friends on IM, checking out websites, or downloading music. If you live in a country where snoops are prying into what ordinary citizens do online (lke, um, the US) you want a way to cover those tracks.

If you're in school, though, then it's even worse. No matter what country you're in, chances are that your access to the internets is as snooped-on as any police state in the world.

So, how do we escape our little virtual prisons? In this Instructable, I'll tell you about something called Tor (The Onion Router.) I'll tell you how it works, and then offer some simple instructions on how to get your web browser hooked up. No more getting snooped!

Tor is more for anonymity than privacy. if I run a Tor node and your data is coming from it, all I need to do is set up a packet sniffer. If your stuff isn’t encrypted as it leaves or enters my pc, it isn’t private.

Tor anonymizes your IP address to servers which you connect to. It does not make insecure data secure. It does not, on its own, make anything more secure or more private.

Please stop billing Tor as a privacy enhancer. Tor ADDS MIDDLEMEN to your network traffic, any of whom can be sniffing your traffic.

…The great thing about this is that finally, those who’ve been blocked from contributing to Wikipedia by one or more of the petty little “cabals” that have taken over the genre articles can now regain access and help at least try to keep the content balanced.

It’s a file naming convention from source code distributions. Spaces (weren’t) allowed (and still are bad form) and typing the letters in all caps meant that when display the directory listing in default ascii sorted order, the filenames would be listed first. Other common files are:

the first line ‘StrictExitNodes 1′ forces tor to only use exitnode in the list provided
the lines below are the list of nodenames themselves seperated by commas

exitnode names can be found in
/vidalia control panel/view the network

they can be organised by country , throughput and iirc uptime

—————————————————–

Always assume your tor connection is being watched
do not leave personal information over an open connection (tor exit node|open wifi), do not use insecure mail apps ie GMAIL
as your name and pass can be revealed and abused

I’d be willing to bet that 99% of TOR users are Nigerian 419 scammers using it to launder their connection to the web mail systems they abuse. Just like 99% of TTY relay users.

It’s a fine idea in theory, but in practice it’s been rapidly coopted by the lowest common denominator. Which seems to be the universal fate of idealistic anarchies, for reasons obvious to everyone but idealistic anarchists.

Unfortunately, everyone else now gets to deal with the fallout of a system that is a near-perfect fraud enabler. It’s now necessary to create and maintain lists of TOR exit points, and add mechanisms for denying access to any service you don’t want flooded with Nigerian fraud based on those lists.

they shouldn’t promote tor like they do. Tor must be use only by experienced user who are really aware of how the tor network work.

By using an exit node, the only thing you hide is your IP and not the content of your traffic. This is a big issue, if you are sending normally your traffic from A to B thought C (internet provider), with tor, you are sending your traffic from A to B, thought D (exit node), E (c’s internet provider). You hide your content only to C and the common user have no idea who could be D and E. (C can equals E)

if you are not an experienced user, you probably decrease your privacy by using Tor and an exit node. (not if you are using only hidden services)

Just be DAMN sure you have your system set up so that you’re actually anonymous. And practice secure browsing. Don’t send any kind of identifying information, don’t browse email, don’t use passwords, don’t log into forums, and so on. Most of the known exit nodes have been watched like a hawk ever since asshats started using Tor to get their illegal porn, and if you really want to be anonymous that’s not the kind of environment you want to send your information through.

As former executive director of The Tor Project, hardly a day went by when I wasn’t talking to people who were grateful for the service. Those folks included journalists, bloggers, activists, union organizers, people with health issues, people participating in support groups online for drug/alcohol/abuse issues, and a plethora of others who want anonymity for perfectly legitimate, and sometimes quite laudable reasons.

Our country was founded by activists who had to use anonymous publishing (at that time, broadsheets and leafleting) to organize a rebellion against what they perceived as tyranny.

Every day, the journalists you read online are risking much — sometimes their lives — to file the stories you want to know from danger zones all over the world.

Are there people who abuse anonymity? Yes. But if any one person can be anonymous, all people can — it’s the actual structural nature of the beast.

Do you want to live in a world where some folks can abuse the system, but we preserve important freedoms of expression, freedom of the press, and the ability to access information without fear?

Tor’s anonymity has been hacked …
[quote]
Furthermore, we show that a well-provisioned adversary, using a topological map of the network, can trace-back the path of an anonymous user in under 20 minutes. Finally, we can trace an anonymous Location Hidden Service in approximately 120 minutes.
[/quote]